We run a small PC-repair business. We've been into hundreds of homes — kitchen tables in Tenterden, dining rooms in Folkestone, laptop-on-knee in Hastings, Windows XP still clinging on in a corner of Hythe. The job used to look very specific: a slow machine, pop-ups everywhere, a rogue toolbar nobody remembered installing, the little red shield from McAfee bleating about 300 threats.
That job has almost completely gone away.
Microsoft Defender caught up. Browsers got locked down. Bloatware got prosecuted. We still do the occasional clean-up, a startup list with 27 entries nobody remembers, a broken driver — the usual stuff. But full-blown viruses? We genuinely see maybe two or three a year now.
So why are we busier than ever? Because the threat moved. It moved from the Program Files folder to your inbox.
The modern threat, in numbers
(Action Fraud, 2024)
vs actual malware infections
with a single fake email
We’re not security researchers. We just watch what happens to real customers — the retired couple with the Surface Pro, the small-business owner running her accounts from a laptop in her conservatory. And the pattern is consistent: it almost always starts with an email that looks like it’s from someone they trust.
What a scam email actually looks like
The attackers don’t send crude "Nigerian Prince" letters any more. They send something that looks convincing enough to make you pause for half a second, click a link, and end up on a page you think is your bank’s login. Here’s one pattern we see constantly:
Our records show you are owed a refund of £87.24 on your BT account. To claim your refund, please confirm your details within 24 hours, otherwise the refund will be returned to the treasury.
Click here to claim your £87.24 refund
Thank you for being a valued BT customer.
bt.com. BT don’t give refunds via email links. The clock pressure ("within 24 hours") is a classic coercion trigger. The link would take you to a page that looks like BT but silently harvests your login and card details.
This is the form almost every scam email takes. The names change — HMRC tax refund, Royal Mail missed parcel, PayPal account suspended, TalkTalk overpayment, Microsoft 365 renewal, your bank’s fraud team — but the skeleton is identical. A familiar logo, a small number ("just £1.99 to release your parcel"), urgency, a link.
Three stories we can’t shake
Names and details changed. The losses are real.
The email said BT had overcharged him and there was a £204 refund waiting. He followed the link, filled in his card details to "receive" the refund. Within forty minutes his account had been drained of £4,312. His bank managed to recover about a third. The rest was gone.
The email said her PayPal account was suspended for suspicious activity and she needed to verify her identity immediately. The page looked identical to PayPal. She logged in. The attackers changed her email address within ninety seconds, set up a new payee, and drained the balance. Because she’d “authorised” the login, her bank pushed back on reimbursement for two months.
A text and a follow-up email both said a parcel was waiting but needed a £1.99 re-delivery fee. She paid. A month later her card was used for £820 of online shopping. She said to us afterwards: "It was only £1.99 — I thought, what’s the harm?" The harm is that the card number went straight to an attacker’s database, which is rented out to other scammers.
Why Windows Defender can’t help here
Defender is excellent. It’s what we recommend for virus protection — and we don’t try to replace it. But Defender works on files: it watches what gets downloaded, what gets executed, what touches your registry. A phishing email isn’t a file. It’s just text and a link. Nothing unusual has to run on your machine for you to lose money.
Similarly, most email providers have spam filters, but they’re tuned to look obviously spammy. A well-crafted phishing email — one paragraph, a familiar name, a plausible reason — slides right past them. We see it in our customers’ inboxes every week.
How EverGuard catches these
We built EverGuard because this was exactly the problem we kept solving for our customers, one house visit at a time. The idea is small and specific:
- Every email that lands in your Outlook Inbox is read by an AI in the background. It only takes a couple of seconds. You don’t have to do anything.
- If it looks dangerous, a second, stronger AI verifies it before anything happens. Two independent judgements have to agree before an email is quietly moved out of sight.
- Dangerous emails go into a “Dangerous Email” folder and a gentle notification appears: "EverGuard moved an email pretending to be from HMRC." You can read it safely, or delete it, but you can’t accidentally click a link on it while scanning your inbox at 8am.
- Nothing is permanent. Dangerous items sit in the folder for 30 days in case we ever get one wrong — which happens rarely, and is always reversible.
In our own beta testing with 23 customers over six months, EverGuard caught 100% of phishing emails in the test set and didn’t misclassify a single genuine email as dangerous — the second-AI check exists to keep that second number at zero.
You probably don’t need a new antivirus. You probably need this.
If you’ve been on Windows for more than ten years, you’ve been told over and over that the most important thing on your computer is antivirus. In 2026 that’s not quite true any more. Defender is already doing the virus job. What’s missing is a calm, patient, always-watching eye on your inbox — because that’s where the money actually gets lost now.
EverGuard is £4.99 a month. It runs quietly. If we catch even one scam email that would have cost you hundreds or thousands of pounds, the subscription has paid for itself for a lifetime.
Protect your inbox for £4.99/month
Works with Classic Outlook on Windows 10 & 11. 30-day money-back guarantee.
Get EverGuard